keystone has no limitation for requests and headers size which may cause DB or process crash
Bug #1098177 reported by Yaguang Tang
This bug report is a duplicate of: Bug #1155566: Note: Keystone Request / Header Size Limits Required to Avoid DoS.
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
OpenStack Identity (keystone) | Incomplete | Undecided | Yaguang Tang | |
Bug Description
Concurrent requests with a large POST body can crash the keystone process.
This can be used maliciously and lead to DoS for the cloud service provider.
CVE References
Changed in keystone: | |
assignee: | nobody → Yaguang Tang (heut2008) |
description: | updated |
information type: | Private Security → Public |
tags: | added: security |
There is very little detail here. Can you provide some more information? Do you have something to reproduce the problem you see? Can you provide more information about what happens in the "crash"?